XiaoCms Arbitrary Directory Deletion Vulnerability
XiaoCms is a lightweight content management system (CMS) based on PHP and MySQL and capable of running on Linux, Windows and other platforms. An arbitrary directory deletion vulnerability exists in the admin\controller\database.php file of XiaoCms version 20141229; an attacker can...
CVE-2018-19197
An issue was discovered in XiaoCms 20141229. admin\controller\database.php allows arbitrary directory deletion via admin/index.php?c=database&a=import&paths=../ directory traversal...
Robber - Tool For Finding Executables Prone To DLL Hijacking
Robber is a free open source tool developed using Delphi XE2 without any 3rd party dependencies. What is DLL hijacking ?! Windows has a search path for DLLs in its underlying architecture. If you can figure out what DLLs an executable requests without an absolute path triggering this search...
ADModule - Microsoft Signed ActiveDirectory PowerShell Module
Microsoft signed DLL for the ActiveDirectory PowerShell module Just a backup for the Microsoft's ActiveDirectory PowerShell module from Server 2016 with RSAT and module installed. The DLL is usually found at this path: C:\Windows\Microsoft.NET\assembly\GAC64\Microsoft.ActiveDirectory.Management a...
CVE-2018-18748
Sandboxie 5.26 allows a Sandbox Escape via an "import os" statement, followed by os.system("cmd") or os.system("powershell"), within a .py file. NOTE: the vendor disputes this issue because the observed behavior is consistent with the product's intended functionality...
CVE-2018-18702
spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=importrule because the upfile content is base64 decoded, deserialized, and used for database insertion...
Design/Logic Flaw
DISPUTED: 360 Total Security 3.5.0.1033 allows a Sandbox Escape via an "import os" statement, followed by os.system("CMD") or os.system("PowerShell"), within a .py file. NOTE: the vendor's position is that this cannot be categorized as a vulnerability, although it is a security-related issue...
PT-2018-14540 · Qihoo 360 · 360 Total Security
Name of the Vulnerable Software and Affected Versions: 360 Total Security version 3.5.0.1033. Description: The issue allows a Sandbox Escape via an import os statement, followed by os.system("CMD") or os.system("PowerShell"), within a .py file. The vendor considers this a security-related issue but do...
Audacity 2.3 - Denial of Service (PoC)
Exploit Title: AudaCity 2.3 - Denial of Service PoC Author: Kağan Çapar Discovery Date: 2018-10-19 Software Link: https://www.fosshub.com/Audacity.html Vendor Homepage : https://www.audacityteam.org Tested Version: 2.3 Tested on OS: Windows 10 x64/86 Normal use CPU & Windows 7 High CPU usage &...
GHSA-3PPH-2595-CGFH There is a XML external entity expansion (XXE) vulnerability in Apache Solr
This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the &dataConfig= parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the...
IBM Security AppScan Standard 9.0.3 .udt Denial Of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: IBM Security AppScan Standard 9.0.3 .udt Denial Of Service Author: Kağan Çapar Software Link: http://www-01.ibm.com/support/docview.wss?uid=ibm10715965 Vendor Homepage : https://www.ibm.com/security/application-security/appscan...
Foxit Reader and Foxit PhantomPDF for Windows Memory Misreference Vulnerability (CNVD-2018-23226)
Foxit Reader for Windows is a Windows-based PDF document reader from China's Foxit Foxit Software Corporation. Foxit PhantomPDF for Windows is its commercial version. A memory misreference vulnerability exists in the handling of the importData method of the Host object in Foxit Reader 9.2.0.9297 a...
EKFiddle v.0.8.2 - A Framework Based On The Fiddler Web Debugger To Study Exploit Kits, Malvertising And Malicious Traffic In General
A framework based on the Fiddler web debugger to study Exploit Kits, malvertising and malicious traffic in general. Installation Download and install the latest version of Fiddler https://www.telerik.com/fiddler Special instructions for Linux and Mac here:...
Zahir Enterprise Plus 6 - Stack Buffer Overflow (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Zahir Enterprise Plus 6 Stack Buffer Overflow", 'Description' = %q This module exploits a stack buffer overflow in Zahir Enterprise Plus version ...
CVE-2018-0414
A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attack...
CVE-2018-17408
Stack-based buffer overflows in Zahir Accounting Enterprise Plus 6 through build 10b allow remote attackers to execute arbitrary code via a crafted CSV file that is accessed through the Import CSV File menu...
BYOB - Build Your Own Botnet
BYOB Build Your Own Botnet Disclaimer : This project should be used for authorized testing or educational purposes only. BYOB is an open-source project that provides a framework for security researchers and developers to build and operate a basic botnet to deepen their understanding of the...
h1-5411-CTF: H1-5411 CTF Writeup
So, Hackerone posted a tweet about the Meme CTF Where barcode was in the tweet image by scanning it and decoding from hex I found this link : https://h1-5411.h1ctf.com/ where we can create/generate a memes and for generating the meme this was used form GitHub which i found in source code analysis...
CVE-2018-16277
The Image Import function in XWiki through 10.7 has XSS...